hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kai Zheng (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-9796) Pluggable TokenAuth framework and core facilities
Date Tue, 30 Jul 2013 08:23:53 GMT
Kai Zheng created HADOOP-9796:

             Summary: Pluggable TokenAuth framework and core facilities
                 Key: HADOOP-9796
                 URL: https://issues.apache.org/jira/browse/HADOOP-9796
             Project: Hadoop Common
          Issue Type: Sub-task
          Components: security
    Affects Versions: 3.0.0
            Reporter: Kai Zheng

As discussed in HADOOP-9392, we're proposing a pluggable TokenAuth framework to abstract and
address the requirements, goals and collaboration concerns already widely discussed in the
JIRA with the design doc, and in community. In this JIRA, we'll: 

*Define the framework itself, and clarifies the key goals, properties, and facilities that
this framework should meet with and provide. Most of the points have already been explained
in HADOOP-9392 and the TokenAuth design doc. To collaborate with HSSO and more importantly
to allow other solutions, TokenAuth itself is just defined as a framework with required APIs,
protocols, flows, and facilities along with some simple implementations for related constructs,
entities and even services. The framework is neutral, no vendor specific, and subject to be
widely discussed and defined together as a common effort of community. As the most important
key point, the framework should be pluggable in all the key places to allow certain solutions
to employ their own product level implementations. Based on this framework, Rhino will come
up HAS solution. The framework related discussions in high level aspects can be in this separate
umbrella JIRA, and sub task JIRAs will be opened to address each aspect of the framework.

*Define APIs for all the important entities and parties involved in TokenAuth framework.

*Define important procedures and protocols, for example, the protocol between token authn
client and server. 

*Implement this framework with the defined APIs, procedures and protocols. Meanwhile, leave
pluggable extension points in key places for solutions to customize and implement with their
own complicated mechanisms. 

*Initially, we have the following items for the framework. It’s to be complemented. Each
of the items will be defined and discussed separately in corresponding subtask JIRA.
**Token definition and API;
**TokenAuthn method for Hadoop RPC;
**Authentication Service API;
**Identity Token Service API;
**Access Token Service API;
**Attribute Service API;
**Token authentication client;
**Token cache for TokenAuth;
**Common configuration for TokenAuth;
**Hadoop token command;
**Key Provider API;
**Web SSO for TokenAuth;
**REST SSO for TokenAuth;
**Auditing for TokenAuth;
**And etc.

This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

View raw message